On 2024/02/26 12:49, Peter Xu wrote:
On Sun, Feb 25, 2024 at 02:54:01PM +0900, Akihiko Odaki wrote:
exec_start_outgoing_migration() and exec_start_incoming_migration()
leak argv because it uses g_steal_pointer() is used to pass argv
qio_channel_command_new_spawn() while it does not free argv either.
Removing g_steal_pointer() is not sufficient though because argv is
typed g_auto(GStrv), which means the array of strings *and strings* will
be freed. The strings are only borrowed from the caller of
exec_start_outgoing_migration() and exec_start_incoming_migration() so
freeing them result in double-free.
Instead, type argv as g_autofree char **. This ensures only the array
of strings will be freed and the strings won't be freed. Also, remove
unnecessary casts according to the new type.
Fixes: cbab4face57b ("migration: convert exec backend to accept
MigrateAddress.")
Signed-off-by: Akihiko Odaki
Cc: qemu-stable
Reviewed-by: Peter Xu
This should conflict with Steve's other series:
https://lore.kernel.org/r/1708638470-114846-1-git-send-email-steven.sist...@oracle.com
Considering this can be stable material, should be easier if we have the
other series rebased on top of this, even if that was sent first..
Steve, do you still plan to repost your series? Maybe you can review it &
pick this up into your series? Then whoever pick up your series will pick
up both (Markus will?)?
Patch "migration: simplify exec migration functions" included in the
series fixes the identical problem:
https://lore.kernel.org/all/1708638470-114846-6-git-send-email-steven.sist...@oracle.com/
I withdraw my patch as duplicate.
Regards,
Akihiko Odaki
